.. _network-interface: Controlling Network Interface ============================= Provides the functionality to disable interfaces when a risk event occurs. This feature is part of the various control methods offered by ZTNA, specifically the interface control functionality. - Administrators can define various conditions as policies to control the network interfaces of endpoints. You can configure endpoint users' Windows devices to disable wired, wireless, bridge, and promiscuous modes. Additionally, custom messages displayed in pop-ups can notify users of events where interfaces are disabled. Network Interface Control Options Configuration ------------------------------------------------------------------------ #. **Block by Type**: Specify the type of network to disable (*Wired, Wireless, or All*). #. **Default Device Exception**: When set to "On," network devices capable of communicating with the policy server are excluded from being blocked. #. **Bridge Blocking**: When set to "On," forces bridge interfaces to be disabled, regardless of the Default Device Exception option. #. **Promiscuous Blocking**: When set to "On," forces promiscuous interfaces to be disabled, regardless of the Default Device Exception option. #. **Block Notifications**: Sends messages to users for interface block events via options such as (*Custom User Message or Agent Pop-Up*). #. **Internet Connection Sharing**: Disables the Internet Connection Sharing property of the interface. #. **IPv6**: Disables the IPv6 property of the interface. #. **Wi-Fi Random Hardware Address**: Disables the randomized hardware address feature for wireless interfaces. - **Control Method**: Selecting 'Change Value Only' applies the value change, requiring a reboot. Selecting 'Apply Immediately' restarts the network interface, which may disconnect wireless network connections. - **Notification Options**: Specify the notification method based on the 'Control Method'. Choosing 'No Notification' under 'Apply Immediately' will restart the network interface immediately after configuration changes. - **Application Delay**: When 'User Notification' is selected under 'Apply Immediately,' you can configure the time to display the notification before immediate application. Configuring Network Interface Control Policies via Node Policies ------------------------------------------------------------------------ #. Navigate to the **Policy** section in the top menu. #. Go to **Policy > Node Policy > Node Action** in the left menu. #. In the Node Action Management window, find and click **Interface Control**. #. Configure the necessary options in the **Plugin Settings** section. #. Navigate to **Policy > Node Policy** in the left menu. #. Click the node policy to which you want to apply the interface control policy. #. Find **Node Action Settings** and click **Assign**. #. Drag **Interface Control** from **Available** to the **Selected** section. #. Click the **Add** button. #. Click the **Modify** button. #. Click the **Apply Policy Changes** button in the top-right corner. Configuring Network Interface Control Policies via Control Policies ------------------------------------------------------------------------ **Step 1. Create a Target Node Group** #. Navigate to the **Policy** section in the top menu. #. Go to **Group > Node** in the left menu. #. Click **Select Action > Create**. #. Click the **Add** button. #. Set the conditions for the target and click **Add**. #. Click the **Create** button. **Step 2. Create a Control Action** #. Go to **Policy > Control Policy > Control Action** in the left menu. #. Click **Select Action > Create**. #. Select the **Interface Control** plugin in the Plugin Selection section. #. Configure the **Conditions** and options. #. Click the **Create** button. **Step 3. Create a Control Policy** #. Go to **Policy > Control Policy > Control Policy** in the left menu. #. Click **Select Action > Create**, and complete the **Control Policy Wizard**. #. In the **Policy Default Settings** tab, enter the **Policy ID** to use. #. In the **Node Group Settings** tab, select the **newly added node group** and move it to the **Selected** section. #. Configure the desired options in the **Permission Assignment** and **Control Options** tabs. #. In the **Control Action Settings** tab, find the **created control action** and move it to the **Selected** section. #. Click the **Finish** button. #. Click the **Apply Policy Changes** button in the top-right corner.